
No STARTTLS capability with courier-imap

IntuitiveNipple

Using Plesk 8.1 on Fedora Core 5.

Switched one domain from another email server to the Plesk-managed server that has qmail with courier-imap.

Clients cannot now connect because courier-imap isn't offering the STARTTLS capability.
Code:
$ telnet mail.server.com 143
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready.

I've done a lot of Googling but cannot find anything definite.

The configuration files are correct (imapd-ssl has IMAPSTARTTLS=YES).

According to http://www.courier-mta.org/?couriertls.html:

"An application typically creates a network connection, then runs couriertls with appropriate options to encrypt the network connection with SSL/TLS"

How should I go about enabling STARTTLS with Plesk?
 
2 Bugs in courier-imap

After doing some testing, this appears to be a combination of two bugs!

Because xinetd is used to start imapd on demand, the non-standard xinetd configuration file /etc/xinetd.d/courier-imapd is used.

The server is specified as tcp-env and the various arguments are passed to it.

An undocumented "-f" option causes the file following the option to be parsed into the environment.
Code:
server_args = -R -f /etc/courier-imap/imapd /usr/sbin/imaplogin ...

So it causes /etc/courier-imap/imapd to be parsed, but crucially NOT /etc/courier-imap/imapd-ssl, where STARTTLS is controlled.

For weird reasons BOTH config files must be parsed by imaplogin if STARTTLS options are to be honoured, although this is barely documented.

The fix is to modify the xinetd server arguments to run a script that includes imapd-ssl rather than imaplogin itself.

I created the script /usr/sbin/imaplogin.sh:
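Code:
#!/bin/bash
# Wrapper started by xinetd in place of imaplogin, so imapd-ssl is read too.
# set -a exports what the file assigns; plain assignments would not reach imaplogin.
set -a
source /etc/courier-imap/imapd-ssl
set +a
# Debug output: shell variables and the arguments received.
set >> /var/log/imapd.log
echo "$*" >> /var/log/imapd.log
# exec with "$@" passes each argument through unchanged.
exec /usr/sbin/imaplogin "$@"

and changed its permissions: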
Code:
$ chmod 755 /usr/sbin/imaplogin.sh

And edited /etc/xinetd.d/courier-imapd so its server_args call this script:
Code:
server_args = -R -f /etc/courier-imap/imapd /usr/sbin/imaplogin.sh ...

The second bug is that the controlling variable imaplogin looks for is "IMAP_STARTTLS" (defined in src/courier-imap/imap/capability.c, have_starttls()), but in /etc/courier-imap/imapd-ssl it is declared as IMAPDSTARTTLS.
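
A check for both conditions described in the posts above, written as an added example that is not part of the thread: whether a greeting advertises STARTTLS, and whether any file that xinetd loads via -f assigns the variable name the post says imaplogin reads. The function names and the path-prefix argument are assumptions of this example, and the sample files are constructed.

```sh
#!/bin/sh
# Added diagnostic example (not from the thread); sample files are constructed.

# Succeed if an IMAP greeting or CAPABILITY response lists STARTTLS as a token.
advertises_starttls() {
    line=$(printf '%s' "$1" | tr -d '\r')
    case $line in
        *"[CAPABILITY "*) caps=${line#*"[CAPABILITY "}; caps=${caps%%"]"*} ;;
        "* CAPABILITY "*) caps=${line#"* CAPABILITY "} ;;
        *) return 1 ;;
    esac
    case " $caps " in *" STARTTLS "*) return 0 ;; esac
    return 1
}

# Print each file named after "-f" in the server_args line of an xinetd
# service file: the files parsed into imaplogin's environment.
env_files_loaded() {
    awk '$1 == "server_args" { for (i = 3; i < NF; i++) if ($i == "-f") print $(i + 1) }' "$1"
}

# Print the STARTTLS variable names assigned in the given files.
starttls_names() {
    grep -hoE '^[[:space:]]*(IMAP_STARTTLS|IMAPDSTARTTLS)=' "$@" 2>/dev/null |
        tr -d ' \t=' | sort -u
}

# Return 0 only if a file loaded via -f assigns IMAP_STARTTLS, the name the
# post says imaplogin reads. $2 is a hypothetical path prefix so the check
# can run on constructed copies instead of the live /etc.
check_starttls_config() {
    found=1
    for f in $(env_files_loaded "$1"); do
        names=$(starttls_names "$2$f")
        echo "loaded: $f assigns:" ${names:-none}
        case $names in *IMAP_STARTTLS*) found=0 ;; esac
    done
    return $found
}

# Constructed sample input mirroring the setup described in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/etc/courier-imap" "$demo/etc/xinetd.d"
echo 'IMAPDSTARTTLS=YES' > "$demo/etc/courier-imap/imapd-ssl"
echo 'ADDRESS=0' > "$demo/etc/courier-imap/imapd"
echo 'server_args = -R -f /etc/courier-imap/imapd /usr/sbin/imaplogin' > "$demo/etc/xinetd.d/courier-imapd"
check_starttls_config "$demo/etc/xinetd.d/courier-imapd" "$demo" || echo "STARTTLS setting never reaches imaplogin"
rm -rf "$demo"
```

On a live server, pass the real xinetd service file and an empty prefix, and feed advertises_starttls the first line the server sends on port 143.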
 